package com.leyu.mall.site.shiro.ext;

import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.StringUtils;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;
import org.apache.shiro.web.util.WebUtils;

/**
 * @author change
 * 
 */
public class ReturnUrlAuthorizationFilter extends AuthorizationFilter {
	static final String RETURN_URL_KEY="return_url";

	/*
	 * (non-Javadoc)
	 * 
	 * @see
	 * org.apache.shiro.web.filter.AccessControlFilter#isAccessAllowed(javax
	 * .servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.Object)
	 */
	@Override
	protected boolean isAccessAllowed(ServletRequest request,
			ServletResponse response, Object mappedValue) throws Exception {
		 Subject subject = getSubject(request, response);
	        String[] perms = (String[]) mappedValue;

	        boolean isPermitted = true;
	        if (perms != null && perms.length > 0) {
	            if (perms.length == 1) {
	                if (!subject.isPermitted(perms[0])) {
	                    isPermitted = false;
	                }
	            } else {
	                if (!subject.isPermittedAll(perms)) {
	                    isPermitted = false;
	                }
	            }
	        }

	        return isPermitted;
	}

	protected String parseReturnUrl(ServletRequest request) {
		return null;
	}

	protected void redirectToLogin(ServletRequest request,
			ServletResponse response) throws IOException {
		String loginUrl = getLoginUrl();
		String returnUrl = this.parseReturnUrl(request);
		if (StringUtils.hasText(returnUrl)) {
			loginUrl += "?return_url=" + returnUrl;
		}

		WebUtils.issueRedirect(request, response, loginUrl);
	}

	@Override
	protected boolean onAccessDenied(ServletRequest request,
			ServletResponse response) throws IOException {

		Subject subject = getSubject(request, response);
		// If the subject isn't identified, redirect to login URL
		if (subject.getPrincipal() == null) {
			saveRequestAndRedirectToLogin(request, response);
		} else {
			// If subject is known but not authorized, redirect to the
			// unauthorized URL if there is one
			// If no unauthorized URL is specified, just return an unauthorized
			// HTTP status code
			String unauthorizedUrl = getUnauthorizedUrl();
			// SHIRO-142 - ensure that redirect _or_ error code occurs - both
			// cannot happen due to response commit:
			if (StringUtils.hasText(unauthorizedUrl)) {
				String returnUrl = this.parseReturnUrl(request);
				if (StringUtils.hasText(returnUrl)) {
					unauthorizedUrl += "?return_url=" + returnUrl;
				}
				WebUtils.issueRedirect(request, response, unauthorizedUrl);
			} else {
				WebUtils.toHttp(response).sendError(
						HttpServletResponse.SC_UNAUTHORIZED);
			}
		}
		return false;
	}

}
